block_options
- do not generate rst blocking and redirection packets for packets directed from inet-→subs. Descriptionfdpi_ctrl list profile --policing --profile.name htb_6 --outformat=json2
asnum.bin
from the cloud, the asnum_download
parameter is similar to the set of values in federal_black_list
.mem_ssl_savebl
(cold). Specifies the number of buffers saved for SSL parsing during packet reordering.mem_ssl_parsers
. If the value == 0, saving and processing do not occur.mem_ssl_parsers : 320000 mem_ssl_savebl : -1 (32000)
mem_ssl_savebl=1234
is setmem_ssl_parsers : 320000 mem_ssl_savebl : 1234 (1234)
[STAT ][2024/08/07-13:33:16:262335] Detailed statistics on SSL_SAVEBL : thread_slave= 0 : 1522/1/32000 0/0/0/0/0/ 1/1/348 348/348/348 Total : 1522/1/32000 0/0/0/0/0/ 1/1/348 348/348/348
Let's denote: a1/a2/a3 b1/b2/b3/b4/b5 c1/c2/c3 d1/d2/d3
a1
— allocated memory size for saving the record of subsequent parsing (matches snaplen)
a2
— records allocated
a3
— records used
b1
— total number of errors during packet saving processing
b2
— buffer size read is too large
b3
— an incorrect isbl_t ind_
was passed to the function
b4
— error adding a record to arw — no space to save the list of used buffers
b5
— error adding data to p_data
(unable to save buffer)
c1
— number of requests for data saving
c2
— saved packets released
c3
— total size of packets that were saved
d1
— average size of saved TCP packet
d2
— min size of saved TCP packet
d3
— max size of saved TCP packet
permit
.on_stick
added to the JSON output of the dev xstat
commanddev info
command for on-stick devices."pci_address": "on-stick based on 82:00.3"
Now:
// base device address "pci_address": "82:00.3" // on-stick flag "on-stick": "true|false"
[STAT ][2024/08/19-17:26:05:599912] Detailed statistics on SSL_SAVEBL: thread_slave= 0 : 1522/1/32000 0/0/0/0/0/ 6/6/2561 426/348/556 1/1/32000 Total: 1522/1/32000 0/0/0/0/0/ 6/6/2561 426/348/556 1/1/32000
Explanation: a1/a2/a3 b1/b2/b3/b4/b5 c1/c2/c3 d1/d2/d3 e1/e2/e3
a1
— memory size allocated for saving the record of the subsequent analysis (matches snaplen)
a2
— records allocated
a3
— records used
b1
— total number of errors in packet save processing
b2
— read buffer size is too large
b3
— invalid isbl_t ind_
passed to the function
b4
— error adding records to arw — no space to save the list of used buffers
b5
— error adding data to p_data
(unable to save buffer)
c1
— number of requests to save data
c2
— saved packets freed
c3
— total size of packets that were saved
d1
— average size of the saved TCP packet
d2
— min size of the saved TCP packet
d3
— max size of the saved TCP packet
e1
— records used in the arw queue
e2
— free records (can be reused)
e3
— records allocated in the queue
mem_quic_ietf_savebl
. Specifies the number of buffers for parsing quic_ietf
requests consisting of multiple packets. Default value is 15% of mem_ssl_parsers
"HLS VIDEO" 49298 "ICMP TUNNEL" 49299 "DNS TUNNEL" 49300 "FORTICLIENT_VPN" 49301
router vrf show
output now includes statistics on TAP devices: how many packets/bytes were read from TAP, how many were written to the port from TAP, how many were sent to TAP, the number of events, and errors.You can check the current installed version with the command below
yum info fastdpi
If you have CentOS 6.x or CentOS 8.x installed, then switch the repository once with the command:
sed -i -e '/^mirrorlist=http:\/\//d' -e 's/^# *baseurl=http:\/\/mirror.centos.org/baseurl=http:\/\/vault .centos.org/' /etc/yum.repos.d/CentOS-*.repo
and then update as usual.
To install the test version, you should issue the following command:
yum --enablerepo vasexperts-beta update fastdpi
Downgrade to 13.1:
yum downgrade fastdpi-13.1 fastpcrf-13.1